HP VPN Firewall Appliances VPN Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

Tunnel type Tunnel mode

Tunnel source/destination

address

Tunnel interface

address t

Automatic tunnel

Automatic

IPv4-compatible IPv6

tunneling

The source IPv4 address is

manually configured. The

destination IPv6 address is

automatically obtained.

IPv4-compatible IPv6

address, in the format

of ::IPv4-source-addres

s/96

6to4 tunneling

The source IPv4 address is

manually configured. The

destination IPv4 address is

automatically obtained.

6to4 address, in the

format of

2002:IPv4-source-addr

ess::/48

Intra-site automatic tunnel

addressing protocol

(ISATAP) tunneling

The source IPv4 address is

manually configured. The

destination IP address is

automatically obtained.

ISATAP address, in the

format of

Prefix:0:5EFE:IPv4-sour

ce-address/64

1. IPv6 over IPv4 manual tunneling

An IPv6 over IPv4 manual tunnel is a point-to-point link and its source and destination IPv4

addresses are manually configured. You can establish an IPv6 over IPv4 manual tunnel to connect

isolated IPv6 networks over an IPv4 network, or connect an IPv6 network to an IPv4/IPv6

dual-stack host over an IPv4 network.

2. Automatic IPv4-compatible IPv6 tunneling

An automatic IPv4-compatible IPv6 tunnel is a point-to-multipoint link. Both ends of the tunnel use

IPv4-compatible IPv6 addresses. The address format is 0:0:0:0:0:0:a.b.c.d/96, where a.b.c.d is

the IPv4 address of the tunnel destination. This mechanism simplifies tunnel establishment.

Automatic IPv4-compatible IPv6 tunnels have limitations because IPv4-compatible IPv6 addresses

must use globally unique IPv4 addresses.

3. 6to4 tunneling

{ Ordinary 6to4 tunneling

A 6to4 tunnel is a point-to-multipoint automatic tunnel. It is built between border routers and is

used to connect multiple isolated IPv6 networks over an IPv4 network. The destination IPv4

address of a 6to4 tunnel is embedded in the destination 6to4 addresses of packets. This

mechanism enables the device to automatically get the tunnel destination address, simplifying

tunnel establishment.

The 6to4 address format is 2002:abcd:efgh:subnet number::interface ID/64, where 2002 is

the fixed IPv6 address prefix, and abcd:efgh represents a 32-bit globally unique IPv4 address

in hexadecimal notation. For example, 1.1.1.1 can be represented by 0101:0101. The IPv4

address identifies a 6to4 network (an IPv6 network where all hosts use 6to4 addresses). The

border router of a 6to4 network must have the IPv4 address abcd:efgh configured on the

interface connected to the IPv4 network. The subnet number identifies a subnet in the 6to4

network. The subnet number::interface ID uniquely identifies a host in the 6to4 network.

6to4 tunneling uses an IPv4 address to identify a 6to4 network. This method overcomes the

limitations of automatic IPv4-compatible IPv6 tunneling.

{ 6to4 relay

A 6to4 tunnel is only used to connect 6to4 networks using IP prefix 2002::/16. IPv6 network

addresses such as 2001::/16 might also be used in IPv6 networks. To connect a 6to4 network

to an IPv6 network, a 6to4 router must be used as a gateway to forward packets to the IPv6

network. Such a router is called a 6to4 relay router.